diff options
author | Colin Cross <ccross@android.com> | 2018-02-28 16:19:41 -0800 |
---|---|---|
committer | Colin Cross <ccross@android.com> | 2018-02-28 16:21:03 -0800 |
commit | bb7dab15c8f2839694a4ced717ea2102e9a5b2a1 (patch) | |
tree | 01bd432e31d7cf56674aa9b4f2b00ed315386305 /darwin-x86/jre/lib/security | |
parent | 9396a3bdcaea77fc7e633b79fad487f76954e90d (diff) | |
download | jdk8-bb7dab15c8f2839694a4ced717ea2102e9a5b2a1.tar.gz |
Switch to JDK build 1.8.0_152-android-4343112-1android-wear-p-preview-2android-p-preview-5android-p-preview-4android-p-preview-3android-p-preview-2android-p-preview-1android-o-mr1-iot-release-1.0.2android-o-mr1-iot-release-1.0.1android-o-mr1-iot-release-1.0.0android-o-mr1-iot-preview-8android-o-mr1-iot-preview-7o-mr1-iot-preview-8o-mr1-iot-preview-7
Test: m EXPERIMENTAL_USE_OPENJDK9=false checkbuild
Test: prebuilts/devtools/tools/ddms on mac
Change-Id: Ib6f865809430e56b788d6e0f4437fb8d603343d0
Diffstat (limited to 'darwin-x86/jre/lib/security')
-rw-r--r-- | darwin-x86/jre/lib/security/java.security | 85 |
1 files changed, 44 insertions, 41 deletions
diff --git a/darwin-x86/jre/lib/security/java.security b/darwin-x86/jre/lib/security/java.security index 30ef845..2a08b6f 100644 --- a/darwin-x86/jre/lib/security/java.security +++ b/darwin-x86/jre/lib/security/java.security @@ -736,67 +736,70 @@ jdk.tls.legacyAlgorithms= \ # Cryptographic Jurisdiction Policy defaults # -# Due to the import control restrictions of some countries, the default -# JCE policy files allow for strong but "limited" cryptographic key -# lengths to be used. If your country's cryptographic regulations allow, -# the "unlimited" strength policy files can be used instead, which contain -# no restrictions on cryptographic strengths. +# Import and export control rules on cryptographic software vary from +# country to country. By default, the JDK provides two different sets of +# cryptographic policy files: # -# YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY -# TO DETERMINE THE EXACT REQUIREMENTS. +# unlimited: These policy files contain no restrictions on cryptographic +# strengths or algorithms. # -# <java-home> (below) refers to the directory where the JRE was -# installed. It is determined based on whether you are running JCE -# on a JRE or a JRE contained within the Java Development Kit, or -# JDK(TM). The JDK contains the JRE, but at a different level in the -# file hierarchy. For example, if the JDK is installed in -# /home/user1/jdk1.8.0 on Unix or in C:\jdk1.8.0 on Windows, then -# <java-home> is: +# limited: These policy files contain more restricted cryptographic +# strengths, and are still available if your country or +# usage requires the traditional restrictive policy. # -# /home/user1/jdk1.8.0/jre [Unix] -# C:\jdk1.8.0\jre [Windows] +# The JDK JCE framework uses the unlimited policy files by default. +# However the user may explicitly choose a set either by defining the +# "crypto.policy" Security property or by installing valid JCE policy +# jar files into the traditional JDK installation location. To better +# support older JDK Update releases, the "crypto.policy" property is not +# defined by default. See below for more information. # -# If on the other hand the JRE is installed in /home/user1/jre1.8.0 -# on Unix or in C:\jre1.8.0 on Windows, and the JDK is not -# installed, then <java-home> is: +# The following logic determines which policy files are used: # -# /home/user1/jre1.8.0 [Unix] -# C:\jre1.8.0 [Windows] +# <java-home> refers to the directory where the JRE was +# installed and may be determined using the "java.home" +# System property. # -# On Windows, for each JDK installation, there may be additional -# JREs installed under the "Program Files" directory. Please make -# sure that you install the unlimited strength policy JAR files -# for all JREs that you plan to use. +# 1. If the Security property "crypto.policy" has been defined, +# then the following mechanism is used: # -# The policy files are jar files organized into subdirectories of +# The policy files are stored as jar files in subdirectories of # <java-home>/lib/security/policy. Each directory contains a complete # set of policy files. # -# The "crypto.policy" Security property controls the directory selection, -# and thus the effective cryptographic policy. +# The "crypto.policy" Security property controls the directory +# selection, and thus the effective cryptographic policy. # # The default set of directories is: # # limited | unlimited # -# however other directories can be created and configured. -# -# To support older JDK Update releases, the crypto.policy property -# is not defined by default. When the property is not defined, an -# update release binary aware of the new property will use the following -# logic to decide what crypto policy files get used : -# -# * If the US_export_policy.jar and local_policy.jar files are located -# in the (legacy) <java-home>/lib/security directory, then the rules -# embedded in those jar files will be used. This helps preserve compatibility +# 2. If the "crypto.policy" property is not set and the traditional +# US_export_policy.jar and local_policy.jar files +# (e.g. limited/unlimited) are found in the legacy +# <java-home>/lib/security directory, then the rules embedded within +# those jar files will be used. This helps preserve compatibility # for users upgrading from an older installation. # -# * If crypto.policy is not defined and no such jar files are present in -# the legacy locations, then the JDK will use the limited settings -# (equivalent to crypto.policy=limited) +# 3. If the jar files are not present in the legacy location +# and the "crypto.policy" Security property is not defined, +# then the JDK will use the unlimited settings (equivalent to +# crypto.policy=unlimited) # # Please see the JCA documentation for additional information on these # files and formats. +# +# YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY +# TO DETERMINE THE EXACT REQUIREMENTS. +# +# Please note that the JCE for Java SE, including the JCE framework, +# cryptographic policy files, and standard JCE providers provided with +# the Java SE, have been reviewed and approved for export as mass market +# encryption item by the US Bureau of Industry and Security. +# +# Note: This property is currently used by the JDK Reference implementation. +# It is not guaranteed to be examined and used by other implementations. +# #crypto.policy=unlimited # |